REMARKS



Reconsideration of this application is respectfully requested in view of the foregoing 
amendment and the following remarks. 

Claims 1-11 were pending in this application. Claims 1 and 6 have been amended hereby 
to more clearly recite features of the present invention. Support for the amendments to claims 1 
and 6 can be found in, e.g., Table 1 at p. 33, and paragraphs [0060] - [0061] of the instant 
specification. No new matter has been entered. Upon entry of this amendment, claims 1-11 will 
be pending herein, with claims 1 and 6 being independent. For the reasons stated below, 
Applicant respectfully submits that all claims pending in this application are in condition for 
allowance. 

Applicant's representatives thank the Examiner for the courtesies extended during the 
telephone interview conducted January 9, 2007. The substance of that interview is incorporated 
into the following remarks. 

In the Office Action, claims 1-11 were rejected under 35 U.S.C. §102(b) as being 
anticipated by Ghosh et al. ("An automated approach for identifying potential vulnerabilities in 
software," "Ghosh"). To the extent this ground of rejection might be applied to the claims 
presently pending in this application, they are respectfully traversed. 

The claimed invention is directed to a method and system for certifying software 
applications by creating a vulnerability knowledge database comprising one or more classes of 
known software vulnerabilities; applying a code parser to the software application to create an 
abstract syntax tree; comparing the abstract syntax tree and the classes of known software 
vulnerabilities to identify a set of potential exploitable software vulnerabilities; performing a 
static analysis of the source code, wherein the static analysis is a flow sensitive analysis of a list 
of constraints, and wherein the results of the static analysis comprise a set of exploitable software 
vulnerabilities; performing a first dynamic analysis of the software, wherein the first dynamic 
analysis comprises a set of tests to achieve code coverage; performing a second dynamic analysis 
of the software, wherein the second dynamic analysis comprises injecting faults into the software 
while being executed; and performing any two of said analysis steps in a pipelined manner. 

Claims 1 and 6 have been further amended to recite that a constraint is a formal assertion 
describing how a program, function or procedure would affect a state of the software application 
if the software application were executed. That is, the "constraints" recited in the claims are 
"assertions," not, e.g., functions. More specifically, the "constraints" recited in the claims are 
like those shown in the right hand column of Table 1 at p. 33 of the specification. This is in 
contrast to the entries on the left hand side of Table 1, which are merely standard library 
functions. Moreover, as explained in, e.g., paragraphs [0060]-[0061] of the specification, the 
"constraints" of the invention recited in the claims are generated from the standard library 
functions. 

Ghosh is completely silent regarding any kind of formal assertion used as a constraint in 
its vulnerability testing, let alone such a constraint that is generated from a standard library 
function. Thus, as explained during the telephone interview, and set forth above, Ghosh cannot 
anticipate the claims now pending in this application, and Applicant therefore respectfully 
requests that the § 102(b) rejection be reconsidered and withdrawn. 

It is noted also that the claims have been amended to expressly recite that the claimed 
method or system is used for software certification, as recited in the preambles of the claims. 






Serial No.: 10/050,764 Attorney's Docket No.: CIG-109-US 

Art Unit: 2136

In view of the foregoing, all of the claims in this application are believed to be in 
condition for allowance. Should the Examiner have any questions or determine that any further 
action is desirable to place this application in even better condition for issue, the Examiner is 
encouraged to telephone applicant's undersigned representative at the number listed below. 



Respectfully submitted,

PAUL HASTINGS JANOFSKY & WALKER LLP
875 15th Street, N.W.
Washington, DC 20005
Tel: 202-551-1879

Date: February 20, 2007

By: Lawrence D. Eisen
Registration No. 41,009

Attachments: None
LDE/dkp